The goal of this document is to help operational teams with the configuration of TLS. All Mozilla websites and deployments should follow the recommendations below.

Mozilla maintains this document as a reference guide for navigating the TLS landscape, as well as a configuration generator to assist system administrators. Changes are reviewed and merged by the Mozilla Operations Security and Enterprise Information Security teams.

Recommended configurations

Modern: Modern clients that support TLS 1.3, with no need for backwards compatibility

Intermediate: Recommended configuration for a general-purpose server

Old: Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8

Oldest compatible clients for each configuration:

Configuration   Firefox  Android  Chrome  Edge  Internet Explorer  Java  OpenSSL  Opera  Safari
Modern          63       10.0     70      75    --                 11    1.1.1    57     12.1
Intermediate    27       4.4.2    31      12    11 (Win7)          8u31  1.0.1    20     9
Old             1        2.3      1       12    8 (WinXP)          6     0.9.8    5      1

Modern compatibility

For services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security.

The cipher suites are all strong, so we allow the client to choose: the client knows best whether it has hardware-accelerated AES, and a client without it can prefer ChaCha20-Poly1305.

We recommend ECDSA certificates using P-256, as P-384 provides a negligible improvement in security and Ed25519 is not yet widely supported.

Intermediate compatibility (recommended)

Intended for services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL. This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.

Old backward compatibility

Take a hard look at your infrastructure needs before using this configuration; it is intended for special use cases only.

If possible, use this configuration only for the endpoints that require it, segregating it from other traffic.

SSLv3 has been disabled entirely, ending support for older Windows XP SP2 clients. Users requiring support for Windows XP SP2 may use previous versions of this configuration, with the caveat that SSLv3 is no longer safe to use.

This configuration requires custom builds to work with modern versions of OpenSSL, configured with enable-ssl3, enable-ssl3-method, enable-deprecated, and enable-weak-ssl-ciphers.

Most ciphers that are not clearly broken and dangerous to use are supported.

The ordering of cipher suites in the Old configuration is very important, as it determines the priority with which algorithms are selected; the server, not the client, must enforce that order.

OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites from the configuration generator, in their recommended order. Using the Old configuration with modern versions of OpenSSL may require a custom build with support for deprecated ciphers.
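The following script is an added example for this page, not code from Mozilla's guidelines or its configuration generator. It exercises two points made above with Python's `ssl` module against whatever OpenSSL build Python is linked to: for the Old profile, that the server must enforce a full, preference-ordered list and that OpenSSL silently drops any suite name the build does not know (a trimmed or unsupported list degrades without any error), and for the Modern profile, that the server floors the connection at TLS 1.3 and leaves suite selection to the client. The cipher list in `SAMPLE_OLD_ORDER` is a constructed sample, not the page's actual Old list; the last two entries exist only to show the silent drop.

```python
"""Check a preference-ordered cipher list against the local OpenSSL build.

Added example for the Mozilla Server Side TLS page; not Mozilla's own code.
"""
import ssl

# Constructed sample in the spirit of the Old profile: strong ECDHE suites
# first, legacy fallbacks last. NOT the page's real list; the last two names
# demonstrate that unknown or compiled-out suites vanish without an error.
SAMPLE_OLD_ORDER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-SHA",
    "DES-CBC3-SHA",   # 3DES: absent from stock OpenSSL 1.1.0+ unless enable-weak-ssl-ciphers
    "NOT-A-CIPHER",   # deliberately bogus name
]


def _tls12_server_context():
    """Server context pinned to TLS 1.2 so only the legacy suite list matters."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def supported_by_openssl(suite):
    """True if this OpenSSL build can select the single named suite."""
    try:
        _tls12_server_context().set_ciphers(suite)
        return True
    except ssl.SSLError:  # "No cipher can be selected": unknown or compiled out
        return False


def partition_suites(wanted):
    """Split a wanted list into (supported, unsupported) for this build."""
    supported = [s for s in wanted if supported_by_openssl(s)]
    unsupported = [s for s in wanted if s not in supported]
    return supported, unsupported


def effective_order(wanted):
    """Configure the whole colon-joined list and read back what OpenSSL kept.

    Unknown names disappear silently; the surviving suites keep the order
    they were given, which is exactly what the Old profile relies on.
    """
    ctx = _tls12_server_context()
    ctx.set_ciphers(":".join(wanted))
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def old_server_context(wanted):
    """Old profile: server-enforced preference order over the full list."""
    ctx = _tls12_server_context()
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    ctx.set_ciphers(":".join(wanted))
    return ctx


def modern_server_context():
    """Modern profile: TLS 1.3 only, and the client chooses the suite
    (a client without AES-NI can then prefer ChaCha20-Poly1305)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def describe(ctx):
    """Summarise the two settings this example cares about."""
    return {
        "min_version": ctx.minimum_version.name,
        "server_preference": bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE),
    }


if __name__ == "__main__":
    ok, missing = partition_suites(SAMPLE_OLD_ORDER)
    print("supported by this build :", ok)
    print("silently dropped        :", missing)
    print("effective server order  :", effective_order(SAMPLE_OLD_ORDER))
    print("old profile context     :", describe(old_server_context(SAMPLE_OLD_ORDER)))
    print("modern profile context  :", describe(modern_server_context()))
```

Run it on the box that will serve the Old profile: anything reported as silently dropped is a suite the custom build (or the default build) does not provide, and the connection will fall through to the next suite in the list without any warning in the server log.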

JSON version of the recommendations

Mozilla also maintains these recommendations in JSON format, for automated system configuration. This location is versioned and permanent, and can be referenced in scripts and tools. The file will not change, to avoid breaking tools when we update the recommendations.

We also maintain a rolling version of these recommendations, with the caveat that they may change without warning and without providing backwards compatibility. As it may break things if you use it to automatically configure your servers without review, we recommend you use the version-specific file instead.
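As an added example of the review step recommended above (not Mozilla's own tooling), the script below renders nginx directives from a guidelines-style JSON document and reports which fields of a profile changed between a pinned copy and a rolling copy, so an automated deploy can stop and ask for review instead of silently applying a new recommendation. Both documents are constructed samples; the field names used (`configurations`, `tls_versions`, `ciphers.openssl`, `server_preferred_order`) are assumptions about the file's shape, and the cipher lists are illustrative rather than the real recommendations.

```python
"""Render and gate server settings from a guidelines-style JSON document.

Added example for the Mozilla Server Side TLS page; not Mozilla's own code.
Field names are assumptions about the JSON layout; lists are illustrative.
"""
import json

# Constructed sample standing in for a pinned, version-specific file.
PINNED = json.loads("""
{"version": 5.0,
 "configurations": {
   "intermediate": {
     "tls_versions": ["TLSv1.2", "TLSv1.3"],
     "ciphers": {"openssl": ["ECDHE-ECDSA-AES128-GCM-SHA256",
                             "ECDHE-RSA-AES128-GCM-SHA256",
                             "ECDHE-ECDSA-CHACHA20-POLY1305"]},
     "server_preferred_order": false}}}
""")

# Constructed sample standing in for a later rolling copy that tightened the
# profile: TLS 1.2 and one suite were removed.
ROLLING = json.loads("""
{"version": 6.0,
 "configurations": {
   "intermediate": {
     "tls_versions": ["TLSv1.3"],
     "ciphers": {"openssl": ["ECDHE-ECDSA-AES128-GCM-SHA256",
                             "ECDHE-ECDSA-CHACHA20-POLY1305"]},
     "server_preferred_order": false}}}
""")


def nginx_directives(guidelines, profile):
    """Turn one profile of a guidelines document into nginx ssl_* lines."""
    cfg = guidelines["configurations"][profile]
    lines = ["ssl_protocols %s;" % " ".join(cfg["tls_versions"])]
    openssl_suites = cfg["ciphers"]["openssl"]
    if openssl_suites:  # a TLS 1.3-only profile carries no TLS 1.2 cipher string
        lines.append("ssl_ciphers %s;" % ":".join(openssl_suites))
    prefer = "on" if cfg["server_preferred_order"] else "off"
    lines.append("ssl_prefer_server_ciphers %s;" % prefer)
    return lines


def changed_fields(pinned, rolling, profile):
    """Fields of a profile whose value differs between two guideline copies."""
    a = pinned["configurations"][profile]
    b = rolling["configurations"][profile]
    return sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))


def render_if_unchanged(pinned, rolling, profile):
    """Deploy gate: render only when the rolling copy matches the reviewed one."""
    changed = changed_fields(pinned, rolling, profile)
    if changed:
        raise RuntimeError("review needed, %s changed: %s" % (profile, ", ".join(changed)))
    return nginx_directives(rolling, profile)


if __name__ == "__main__":
    print("\n".join(nginx_directives(PINNED, "intermediate")))
    try:
        render_if_unchanged(PINNED, ROLLING, "intermediate")
    except RuntimeError as exc:
        print(exc)
```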